Quick & Simple Remote Access Solution using MS RD Gateway 12 / 16 / 19 versions – ready to use within the hour
Introduction:
This article shows you how to deploy a simple and secure remote access solution using Remote Desktop Gateway. The RD Gateway allows you to connect securely from home, using RDP, to desktops and servers in the office.
In a nutshell, the Remote Desktop Gateway role provides an RDP-type SSL VPN remote access service over TCP 443 and UDP 3391. You can essentially connect to your work computer from a home device using MSTSC (Remote Desktop Connection).
Cost:
Let's Encrypt public certificate – free
Windows Server licence – Free trial to test this out
Where can I deploy?
On-premises
Microsoft Azure
Amazon AWS
Google Cloud
Getting started:
Please follow the steps in order for best results.
First we need a domain joined server (preferably). Navigate to the Add roles and features wizard and install the Remote Desktop Gateway Role service.
Configuring IIS and a HTTPS certificate:
The next step is to download the win-acme Let's Encrypt client tool, which generates a free public SSL certificate. https://www.win-acme.com/
Once downloaded, copy all of the files into the inetpub folder under a newly created folder called lets encrypt as shown in the screenshot.
Then ensure that you configure external DNS with the required FQDN and that ports 443/3391 and port 80 are open on the firewall. You will then need to add the HTTPS binding to IIS.
Once this is all in place, run wacs.exe and follow the steps to generate the public certificate.
Follow the steps to create a simple certificate for IIS.
Once completed the certificate will appear in the Web Hosting section of the local computer certificates.
The next step is to run the importRDGateway script to auto-configure the certificate as shown above. This can be found in the lets encrypt folder we created earlier.
Once the script has run successfully, you will see under SSL Certificate in the Remote Gateway Manager that the Let's Encrypt certificate is assigned.
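As an added example (not part of the original article or of win-acme), the following PowerShell check confirms that the certificate assigned to RD Gateway is the newest one for the FQDN in the Web Hosting store, which catches a stale binding after a renewal, and that the gateway is listening on TCP 443 and UDP 3391. The FQDN rdgw.example.com and the 30-day warning threshold are placeholder assumptions.

```powershell
# Added example: post-deployment check of the RD Gateway certificate binding.
# Assumptions: $Fqdn is a placeholder for your external DNS name; run this
# in an elevated PowerShell session on the gateway server itself.
param(
    [string]$Fqdn     = 'rdgw.example.com',
    [int]   $WarnDays = 30
)

Import-Module RemoteDesktopServices   # provides the RDS: drive

# 1. Is the RD Gateway role service installed?
$role = Get-WindowsFeature -Name RDS-Gateway
if (-not $role.Installed) { throw 'RD Gateway role service is not installed.' }

# 2. Newest certificate for the FQDN in the Web Hosting store
$cert = Get-ChildItem Cert:\LocalMachine\WebHosting |
    Where-Object { $_.DnsNameList.Unicode -contains $Fqdn } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No certificate for $Fqdn in the Web Hosting store." }

# 3. Thumbprint currently assigned to RD Gateway
$bound = (Get-Item RDS:\GatewayServer\SSLCertificate\Thumbprint).CurrentValue

# 4. Local listeners for the two transports (this does not test the firewall)
$tcp443  = [bool](Get-NetTCPConnection -LocalPort 443 -State Listen -ErrorAction SilentlyContinue)
$udp3391 = [bool](Get-NetUDPEndpoint -LocalPort 3391 -ErrorAction SilentlyContinue)

$daysLeft = [math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)

# Summary object: every boolean except ExpiryWarning should be True
[pscustomobject]@{
    Fqdn              = $Fqdn
    StoreThumbprint   = $cert.Thumbprint
    GatewayThumbprint = $bound
    GatewayUsesNewest = ($bound -eq $cert.Thumbprint)
    DaysUntilExpiry   = $daysLeft
    ExpiryWarning     = ($daysLeft -lt $WarnDays)
    Tcp443Listening   = $tcp443
    Udp3391Listening  = $udp3391
}
```

If GatewayUsesNewest is False after a renewal, the gateway is still presenting the old certificate and the import step needs to be run again.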
Configuring a basic RAP and CAP Policy:
You need to create both policies in accordance with your security requirements. You can create both using a wizard in one sitting. Follow the steps of the wizard.
Testing and connecting through the gateway:
This section shows the Windows client; however, you can use other operating systems and vendor client tools, such as thin clients, to connect to your office resources. If users have Apple Macs, these are also supported.
https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-desktop-mac
To test connectivity, open Remote Desktop Connection (MSTSC), navigate to Advanced and configure the gateway details. Once you have...